Dropbox denies hacking claims

Dropbox has denied reports that hackers broke into its computer systems and stole almost seven million usernames and passwords, claiming that the data leaked online is not associated with Dropbox accounts.

Yesterday it emerged that over 400 alleged usernames and passwords for online document-sharing site Dropbox had been published on anonymous information-sharing websitePastebin.

The anonymous user claimed to have hacked 6,937,081 Dropbox accounts, and was offering to publish more user details in exchange for Bitcoin donations.

However, Dropbox has denied the claim, stating that the usernames and passwords were stolen from unrelated services, and used in attempts to log in to Dropbox accounts.

"We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well," the company said.

"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account."

Nevertheless, the data breach illustrates how the inherent limitations of the username/password system, combined with lax security habits, are endangering consumers’ digital assets.

"Every high profile breach is another nail in the coffin for the humble username and password system," said Richard Parris, chief executive of identity management firm Intercede.

Tony Pepper, chief executive of encryption company Egress, added that the incident highlights the insecurities of the cloud and the fact user passwords can easily be sourced from other areas.

"Businesses should ensure that they can offer users secure alternatives, with built-in encryption and auditing, so that they can still use Dropbox-like services without compromising data security," he said.

The news comes after US whistleblower Edward Snowden warned that people who care about their privacy should stay away from popular consumer internet services like Dropbox.

Speaking via video link as part of the New Yorker Festival last weekend, he said that people who say they have nothing to hide are "inverting the model of responsibility for how rights work".

"When you say, 'I have nothing to hide,' you’re saying, 'I don’t care about this right.' You’re saying, 'I don’t have this right, because I’ve got to the point where I have to justify it'," he said.

"The way rights work is, the government has to justify its intrusion into your rights."